Do you install any additional software on my servers?
We do not require additional software for user and group information and file system information (e.g., permissions, directory hierarchy, file sizes, etc.) on any platform. To collect data access audit events on Microsoft SharePoint, Microsoft Windows and UNIX/Linux platforms, Varonis requires the installation of a small stub-service. For Network Appliance and EMC NAS devices, there is no additional software installed as all the audit information is provided by the hardware itself

Is there any performance impact on my production servers?
For NAS devices, we have typically measured between a 1% and 2% increase in utilization – something not even measurable in most environments. For Microsoft Windows, Microsoft SharePoint and UNIX/Linux environments, the Varonis agent is co-installed with a 'watchdog' service that ensures the data collection exercise never exceeds defined boundaries of CPU and memory utilization.

Can I only report on permissions using your product, or can I actually change them?
The Varonis IDU suite provides complete visibility and the ability to affect changes to user, group and file system security permissions (either as an administrator or delegate data owner using the appropriate interface)

Can I integrate the Varonis IDU suite into my existing applications?
Varonis DatAdvantage allows for scheduled, exportable reports on all information collected – into a variety of formats (CSV, Excel, etc). Varonis DataPrivilege also provides a web services-based interface to integrate data ownership actions (e.g., entitlement review, grant / revoke permissions, etc.) directly to the file system and to incorporate input and output streams for existing applications.

Do you use Microsoft Windows auditing?
No Varonis implementation uses Microsoft Windows auditing. All information collected and presented is based on a unique Varonis file filter that provides comprehensive information and has minimal impact on the monitored file system.

• Datasheet
• Use Case Example For DatAdvantage For Windows
• Resource Center (Whitepapers, Use Cases, Guides, etc)

DatAdvantage provides a single interface through which administrators can perform data governance activities. Core functionalities include:

• Visibility
  • Complete, bi-directional view into the permissions structure of unstructured and semi-structured file systems:
    • Displays data accessible to any user or group, and
    • Users and groups with permissions to any folder
  • User and group information from directory services is linked directly with file and folder access control data
• Complete Audit Trail
  • Usable audit trail of every file touch on monitored servers
  • Detailed information on every file event in a normalized database that is searchable and sortable
  • Data collection performed with minimal impact to the file server and without requiring native Windows auditing
• Recommendations and Modeling
  • Actionable intelligence on where excess file permissions and group memberships can be safely removed without affecting business process
  • Model permissions changes without affecting production environments
• Data Ownership Identification
  • Statistical analysis of user activity effectively identifies business owners of data
  • Automated reports involve data owners in data governance processes
  • Facilitates round-trip data owner involvement via DataPrivilege
• Extensible Framework
  • Easily extends to accommodate additional metadata streams
  • Easily extends to accommodate additional platforms

Windows Permissions Challenges

• Who has access to a folder?
• Which folders does a user or group have access to?

On any given day, determining who has access to a folder isn't exactly easy, especially if groups on the folder's ACL contain one or more nested groups. Determining which folders a given group provides access to is downright difficult—without a program or script, an administrator has check every folder just to begin the investigation. Determining who should and should not have access to any given folder is simply impossible without automation.

See how DatAdvantage addresses these challenges

Windows Access Auditing Challenges

• Who deleted my files?
• Who has been accessing my folder?
• What data has this user been accessing?

More than 95% of file access activity is not audited by IT. Why? Because native Windows auditing is so resource intensive and difficult to decipher, it is rarely enabled. The result is that IT cannot answer fundamental questions like, "Who has been accessing my folder? Who deleted my data? What data has this person accessed?"

See how DatAdvantage addresses these challenges

Windows Operational Challenges

• What folders are open to the "everyone group", authenticated user, or domain users?
• How do I fix those folders without disrupting my users?

Most permissions and group membership changes are performed manually and are untested prior to execution. Cleaning up global access groups (everyone, domain users, authenticated users, etc.) is especially difficult. Without access auditing, IT needs to make a guess as to who accesses a data set, manually effect the changes, and hope they don't get a call from an end user that can no longer access data they require to do their job.

See how DatAdvantage addresses these challenges

Data Ownership Challenges

• Who owns this data?
• How can I help them make effective data protection and management decisions?

Organizational data owners should be making decisions about who gets access to their data and its proper use— not IT. Yet, 91% of organizations lack processes for determining who owns a given data set. Without a data owner that understands the sensitivity, importance, and organizational context, data cannot be managed and protected by the right people.

See how DatAdvantage addresses these challenges

High Risks

• Where do my users have excessive permissions?
• How do I revoke permissions without disrupting my users?
• Who has been accessing an unusual amount of data?

It is difficult to identify excessive permissions; remediating excessive permissions without disrupting organizational processes is even more difficult. As a result, access to data is rarely revoked. Excessive permissions and the lack of an audit trail leave data at risk for loss, theft, tampering and misuse—with no way to determine what happened after the fact.

See how DatAdvantage addresses these challenges

Our 30-Day Free Trial provides a full audit of your file system or your SharePoint environment. Audit permissions, auditing access, usage statistics, recommendations, impact analysis, and identification of business owners.

Within hours of installation
You can instantly conduct a permissions audit: File and folder access permissions and how those map to specific users and groups. You can even generate reports.

Within a day of installation
Varonis DatAdvantage will begin to show you which users are accessing the data, and how

Within 3 weeks of installation
Varonis DatAdvantage will actually make highly reliable recommendations about how to limit access to files and folders to just those users who need it for their jobs.

Get the Varonis View. Sign-up for the 30-Day Free Trial.